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Abstract 

Analytica  is  an  automatic  theorem  prover  for  theorems  in  elementary  anal¬ 
ysis.  The  prover  is  written  in  Mathematica  language  and  runs  in  the  Math- 
ematica  environment.  The  goal  of  the  project  is  to  use  a  powerful  symbolic 
computation  system  to  prove  theorems  that  are  beyond  the  scope  of  previous 
automatic  theorem  provers.  The  theorem  prover  is  also  able  to  guarantee 
the  correctness  of  certain  steps  that  are  made  by  the  symbolic  computation 
system  and  therefore  prevent  common  errors  like  division  by  a  symbolic 
expression  that  could  be  zero. 

In  this  paper  we  describe  the  structure  of  Analytica  and  explain  the  main 
techniques  that  it  uses  to  construct  proofs.  Analytica  has  been  able  to  prove 
several  non-trivial  examples  including  the  basic  properties  of  the  stereo¬ 
graphic  projection  and  a  series  of  three  lemmas  that  lead  to  a  proof  of 
Weierstrass’s  example  of  a  continuous  nowhere  differentiable  function.  Each 
of  the  lemmas  in  the  latter  example  is  proved  completely  automatically. 


1  Introduction 


Current  automatic  theorem  provers,  particulaxly  those  based  on  some  vari¬ 
ant  of  resolution,  have  concentrated  on  obtaining  ever  higher  inference  rates 
by  using  clever  programming  techniques,  parallelism,  etc.  We  believe  that 
this  approach  is  unlikely  to  lead  to  a  useful  system  for  actually  doing  math¬ 
ematics.  The  main  problem  is  the  large  amount  of  domain  knowledge  that 
is  reqmred  for  even  the  simplest  proofs.  In  this  paper,  we  describe  an  alter¬ 
native  approach  that  involves  combining  an  automatic  theorem  prover  with 
a  symbolic  computation  system.  The  theorem  prover,  which  we  call  Ana- 
lytica,  is  able  to  exploit  the  mathematical  knowledge  that  is  built  into  this 
symbolic  computation  system.  In  addition,  it  can  guarantee  the  correctness 
of  certain  steps  that  are  made  by  the  symbolic  computation  system  and, 
therefore,  prevent  common  errors  like  division  by  an  expression  that  may  be 
zero. 

Analytica  is  written  in  the  Mathematica  programming  language  and  runs 
in  the  interactive  environment  provided  by  this  system  [19].  Since  we  wanted 
to  generate  proofs  that  were  similar  to  proofs  constructed  by  humans,  we 
have  used  a  variant  of  the  sequent  calculus  [9,  10]  in  the  inference  phase 
of  our  theorem  prover.  However,  quantifiers  are  handled  by  skolemization 
instead  of  explicit  quantifier  introduction  and  elimination  rules.  Although 
inequalities  play  a  key  role  in  aU  of  analysis,  Mathematica  is  only  able  to 
handle  very  simple  numeric  inequalities.  We  have  developed  a  technique 
that  is  complete  for  linear  inequalities  and  is  able  to  handle  a  large  class  of 
non-linear  inequalities  as  well.  This  technique  is  more  closely  related  to  the 
BOUNDER  system  developed  at  MIT  [16]  than  to  the  traditional  SUP-INF 
method  of  Bledsoe  [5].  Another  important  component  of  Analytica  deals 
with  expressions  involving  summation  and  product  operators.  A  large  num¬ 
ber  of  rules  are  devoted  to  the  basic  properties  of  these  operators.  We  have 
also  integrated  Gosper’s  algorithm  for  hypergeometric  sums  with  the  other 
summation  rules,  since  it  can  be  used  to  find  closed  form  representations  for 
a  wide  cla^s  of  summations  that  occur  in  practice. 

There  has  been  relatively  little  research  on  theorem  proving  in  analysis. 
Bledsoe’s  work  in  this  area  [3,  4]  is  certainly  the  best  known.  Analytica  has 
been  heavily  influenced  by  his  research.  More  recently.  Farmer,  Guttman, 
and  Thayer  at  Mitre  Corporation  [8]  have  developed  an  interactive  theorem 
prover  for  analysis  proofs  that  is  based  on  a  simple  type  theory.  Neither  of 
these  uses  a  symbolic  computation  system  for  manipulating  mathematical 
formulas,  however.  Suppes  and  Takahashi  [17]  have  combined  a  resolution 
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theorem  prover  with  the  Reduce  system,  but  their  prover  is  only  able  to 
check  very  small  steps  and  does  not  appear  to  have  been  able  to  handle  very 
complicated  proofs.  London  and  Musser  [14]  have  also  experimented  with 
the  use  of  Reduce  for  program  verification. 

Our  paper  is  organized  as  follows:  In  Section  2,  we  give  two  simple 
examples  that  illustrate  the  power  of  our  theorem  prover  and  show  how 
it  uses  various  symbolic  computation  techniques  provided  by  Mathematica. 
Section  3  contains  an  overview  of  the  structtire  of  Analytica  and  the  major 
techniques  that  it  uses  in  constructing  proofs.  Sections  4  and  5  describe 
several  of  the  most  important  techniques  in  greater  detail.  Section  4  deals 
with  summation  and  includes  a  short  description  of  how  we  have  integrated 
Gosper’s  algorithm  into  the  prover.  Section  5  discusses  how  Analytica  treats 
inequalities.  The  paper  concludes  in  Section  6  with  a  discussion  of  some 
extensions  that  we  hope  to  add  to  Analytica  in  the  near  future. 

2  Simple  examples  proved  by  Analytica 

In  each  example,  the  input  for  the  prover  is  given  first.  The  theorem  and  its 
proof  are  printed  by  the  theorem  prover.  Mathematica  automatically  gen¬ 
erates  Latex  commands  to  typeset  formulas  involving  algebraic  expressions. 
1.  The  sum  of  two  roots  of  a  quadratic  equation. 

Prov«CiBp[and[a!»0,  x!>*y,  a  x*2  +  b  x  +  c  ■■  0,  a  y*2  +  b  y  +  c  »  0]  , 

X  +  y  “  -b/a]] 

Theorem  : 

ax*  +  6x  c  =  0  A  ay*  -J-6y-f-c  =  0=>x-f-y  =  — 

Proof : 

a/OAxytyAc-Hftx-l-  ax*  =  0  A  c  -h  6y  -I-  oy*  =  0  =>  x  +  y  =  -- 

a 

reduces  to 

c  -I-  6x  ax*  =  0  A  c  6y  ay*  =  0  =*=>■  i  =  yVa  =  0Vx-fy  =  —  — 

u 

rewrite  as 

c  +  bx  +  ax*  =  0  A  c  -t-  6y  ay*  =  0  =»  x  —  y  =  0Va  =  0\/  =  0 

a 

reduces  to 

c  +  bx  +  ax*  =  0  A  c  +  6y  -t-  ay*  =  0  x  —  y  =  0'/o  =  0v6-|-a(i-f-y)=0 
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solve  linear  equation 

c  =  —  (*  (5  +  ox))  A  c  =  —  (y  (4  +  oy))  =»  x  —  y  =  0Vo=0v4  +  o(x  +  y)  =  0 
substitute  using  equation 

—  (x (5  +  ox))  =  —  (y (4  +  oy))  =>  X  —  y  =  OVo  =  OV5  +  o(x  +  y)  =  0 
reduces  to 

X  (4  +  ox)  =  y  (4  +  oy)  =>  X  —  y  =  0Vo  =  0V4  +  o(x  +  y)  =  0 

rewrite  as 

(x  —  y)  (4  +  ox  +  oy)  =  0  i  —  y=!0Vo  =  0\/4  +  oi  +  oy  =  0 

reduces  to 

x-y  =  0V4  +  o(x  +  y)  =  0=>x-y  =  0Vo  =  0v4  +  a(i  +  y)  =  0 
simplify  formula  using  local  context 

True 

□ 


2.  Closed  fonn  for  a  summation. 

Provo  Clap  [andCintegor  Cn]  ,  0<>>n,  n!»l],  8ua[2*lt/(l+*"  (2*k)) ,  fk,  0,  n}]  ■■ 

+  2*(n+l)/(l-**(2*(n+l)))]]: 


Theorem 


2"+* 


<■>0 


Proof ! 


reduces  to 


infeyer(n)  A  0  <  n  =»  m 


=  1  V  V — i 


1+m** 

m  —  1  1 

-  m*"-**  ^ 

2* 

1  . 

2-2" 

l+m»* 

—1  +  m 

1  -  m*  *" 

2* 

1 

=  -T - + 

2  ■  2" 

2*  — 1  +  m  1  —  m**" 


prove 


T— - =  — 

^  1  +  -I 


1 _  2  •2" 

+  m  1  —  m*'*" 


use  induction  on  n 
base  case  with  n  =  0 


1+m  — 1+m  1—  m* 
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reduces  to 


True 


3  An  overview  of  Analytica 

Analytica  consists  of  four  different  phases:  skolemization,  simplification, 
inference,  and  rewriting.  When  a  new  formula  is  submitted  to  Analytica  for 
proof,  it  is  first  skolemized  to  a  quantifier  free  form.  Then  it  is  simplified 
using  a  collection  of  algebraic  and  logical  reduction  rules.  If  the  formula 
reduces  to  true,  the  current  branch  of  the  inference  tree  terminates  with 
success.  If  not,  the  theorem  prover  checks  to  see  if  the  formula  matches 
the  conclusion  of  some  inference  rule.  If  a  match  is  found,  Analytica  will 
try  to  establish  the  hypothesis  of  the  rule.  If  the  hypothesis  consists  of  a 
single  formula,  then  it  will  try  to  prove  that  formula.  If  the  hypothesis 
consists  of  a  series  of  formulas,  then  Analytica  will  attempt  to  prove  each 
of  the  formulas  in  sequential  order.  K  no  inference  rule  is  applicable,  then 
various  rewrite  rules  are  used  attempting  to  convert  the  formula  to  another 
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equivalent  form.  If  the  rewriting  phase  is  unsuccessful,  the  search  terminates 
in  failure;  otherwise  the  simplification,  inference  and  rewriting  phases  will 
repeat  with  the  new  formula.  Backtracking  will  cause  the  entire  inference 
tree  to  be  searched  before  the  proof  of  the  original  goal  formula  terminates 
with  failure. 


3.1  Skolemization  phase 

In  Analytica  (as  in  Bledsoe’s  UT  Prover  [3]),  we  use  skolemization  to  deal 
with  the  quantifiers  that  occur  in  the  formula  to  be  proved.  Initially,  quan¬ 
tified  variables  are  standardized  so  that  each  has  a  unique  name.  We  define 
the  position  of  a  quantifier  within  a  formula  as  positive  if  it  is  in  the  scope 
of  even  number  of  negations,  and  negative  otherwise.  Skolemization  con¬ 
sists  of  the  following  procedure:  Replace  (3r.^(i))  at  positive  positions  or 
(Vi.4'(i))  at  negative  positions  by  («'(/(yi,y2,— ,yr>)))  where  x,yi,y2,  ...,yn 
are  all  the  free  variables  in  '^'(x)  and  /  is  a  new  function  symbol,  called  a 
skolem  function.  The  original  formula  is  satisfiable  if  and  only  if  its  skolem- 
ized  form  is  satisfiable.  Thus,  X  is  valid  if  and  only  if  X'  is  valid  where 
-iX'  is  the  skolemized  form  of  -'X  [9].  We  call  -<skolemize{~if)  the  nega¬ 
tively  skolemized  form  of  /  .  A  formula  is  valid  if  and  only  its  negatively 
skolemized  form  is  valid.  When  a  negatively  skolemized  formula  is  put  in 
prefix  form,  all  quantifiers  are  existential.  These  quantifiers  are  implicitly 
represented  by  marking  the  corresponding  quantified  variables.  The  marked 
variables  introduced  by  this  process  are  called  skolem  variables.  The  result¬ 
ing  formula  will  be  quantifier-free.  For  example,  the  skolemized  form  of  the 
formula 

(3x.Vy.P(x,y))  —>■  (3u.Vu.Q(u,  v)) 

is  given  by 

Pix,yo{x))  —  Qiuoi),v), 
while  its  negatively  skolemized  form  is 


Pi^aO^y)  —  Q{u,vo{u)). 


where  x,y,u  and  v  are  skolem  variables,  and  uo,vo,xo,yo  are  skolem  func¬ 
tions.  Although  formulas  are  represented  internaUy  in  skolemized  form  with¬ 
out  quantifiers,  quantifiers  are  added  when  a  formula  is  displayed  so  that 
proofs  will  be  easier  to  read. 
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3.2  Simplification  phase 

Simplification  is  the  key  phase  of  Analytica.  A  formula  is  simplified  with 
respect  to  its  proof  context.  Intuitively,  the  proof  context  consists  of  the 
formulas  that  may  be  assumed  true  when  the  formula  is  encountered  in 
the  proof.  The  formula  that  results  from  simplifying  /  under  context  C  is 
denoted  by  simplify{f,C).  In  order  for  the  simplification  procedure  to  be 
sound,  simplify{f,C)  must  always  satisfy  the  the  following  condition 

C  ^  simplify(f,C)  *-*  f. 

The  initial  context  Cq  in  each  simplification  phase  is  a  conjunction  of  all 
of  the  given  properties  of  the  variables  and  constants  in  the  theorem.  The 
initial  formula  in  each  simplification  phase  is  the  current  goal  of  the  theorem 
prover.  In  the  first  simplification  phase  it  is  the  result  of  the  skolemization 
phase.  In  each  subsequent  simplification  phase  it  is  the  result  of  the  previous 
rewriting  phase.  The  simplification  procedure  for  composite  formulas  is 
given  by  the  following  rules; 

1.  simplify{f)  =  simplify{f,CQ) 

2.  simplify(fi  A  /j.C)  =  f{  A  simplify{f2,C  A  f{) 
where  f{  =  simplify (fi,C  A  /j) 

3.  simplify{fi  V  /2,C)  =  /{  V  simplify{f2,C  A  -yf{) 
where  f[  =  8implify{fi,C  A -<f 2) 

4.  simplify{fi  -»  /2,C)  =  f{ -*  simplify{f2,C  A  f{) 
where  f{  =  simplify (fi,C  A  --/z) 

5.  simplify{->f,C)  =  -'simplify{f,C) 

The  soundness  of  these  rules  can  be  easily  established  by  structural  induc¬ 
tion.  For  example,  if  the  soundness  condition  holds  for  /i  and  /z,  it  wiU  also 
hold  for  /i  A  /z,  etc. 

A  large  number  of  rules  are  provided  for  simplifying  atomic  formulas 
(i.e.,  equations  and  inequalities)  using  context  information.  Some  examples 
of  rules  for  simplifying  inequalities  are  given  in  Section  5.  In  addition  to 
the  equation  and  inequality  rules,  special  simplification  rules  are  included 
to  handle  functions  that  are  frequently  used,  such  as  Abs,  Min,  Max,  Sum, 
Product,  Limit,  etc.  The  simplification  of  summations  and  products  is  dis¬ 
cussed  in  detail  in  Section  4. 
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The  following  example  illustrates  how  the  context  information  is  used  to 

simplifying  formulas: 

Theorem  : 

(0  <  a  <  i  =»  4*  -  a®  >  (i  -  af) 

Proof ; 


reduces  to 

reduces  to 

0<aAa  —  6<0 


0  <  o  <  4  =>  — o*  +  4®  >  (—a  +  4)^ 

0<aAa  —  4<0  =>  3a  (a  —  4)  4  <  0 

==>  (0  <  4  A  —a  +  4<0Va  —  4<0A6<0)Aa<0v 

0<aA(0<4Aa-4<0V-o  +  4<0A4<0) 


siaplify  foraula  using  context  information 

0<aAo  —  6<0  ==>■  0  <  4 
replace  expression  with  its  lover  or  upper  botinds 

0<aAo  —  4<0  =>  0  <  a 

reduces  to 


True 


□ 


3.3  Inference  phase 

The  inference  phase  is  based  on  the  sequent  calculus  [10].  We  selected  this 
approach  because  we  wanted  our  proofs  to  be  readable.  Suppose  that  /  is 
the  formula  that  we  want  to  prove.  In  this  phase  we  attempt  to  find  an 
instantiation  for  the  skolem  variables  that  makes  /  a  valid  ground  formula. 
In  order  to  accomplish  this,  /  is  decomposed  into  a  set  of  sequents  using 
rules  of  the  sequent  calculus.  Each  sequent  has  the  form  F  h-  A,  where  F 
and  A  are  initially  sets  of  subformulas  of  /.  The  formula  /  will  be  proved, 
if  substitution  can  be  found  that  makes  all  of  the  sequents  valid.  A  sequent 
F  I-  A  is  valid  if  it  is  impossible  to  make  all  of  the  elements  of  F  true  and 
all  of  the  elements  of  A  false. 

In  Analytica,  the  funcition  FindSubstitution{f)  is  used  to  determine  the 
appropriate  substitution  for  /.  If  /  is  not  provable,  FindSubstitution{f)  will 
return  Fail.  FindSubstitution  has  rules  corresponding  to  each  of  the  rules  of 
the  sequent  calculus  except  those  concerning  quantifiers.  The  two  rules  for 
implication  are  given  as  examples: 
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1.  Implification  on  the  left: 

FindSubstitution{T ,  A  —*  B,  Ah  A)  =  o’i<T2  where 
(Ti  =  FindSubstitution(T,A  H  A,  A),  and 
(T2  =  FindSubstitution{T(Ti, Bcri,  Affi  h  Aai). 

2.  Implication  on  the  right: 

FindSubstitution(T  h  A,  A -*  B,A)  =  FindSubstitution{T ,  A  h  A,B,A) 
Rules  are  also  needed  for  atomic  formulas.  The  three  below  are  typical. 

1.  Equation:  FindSubstitution(r  h  A,  a  =  b.  A)  =  a  where  aa  =  ba. 

2.  Inequality:  FindSubstitution{T,a  <  b.  Ah  A)  =  a  where  aa  =  bcr. 

3.  Matching:  FindSubstitution(T ,  A,  A  h  A, B,Q)  =  cr  where  Act  =  Bcr. 

Backtracking  is  often  necessary  in  the  inference  phase  when  there  are 
multiple  subgoals,  because  a  substitution  that  makes  one  subgoal  valid  may 
not  make  another  subgoal  valid.  When  this  happens  it  is  necessary  to  find 
another  substitution  for  the  first  subgoal.  In  order  to  restart  the  inference 
phase  at  the  correct  point,  a  stack  is  added  to  the  procedure  described  above. 
When  a  nile  is  applied  that  may  generate  several  subgoals,  one  subgoal  is 
selected  as  the  current  goal  and  the  others  are  saved  on  the  stack.  If  some 
substitution  cr  makes  the  current  subgoal  valid,  then  a  is  applied  to  the 
other  subgoals  on  the  stack  and  Analytica  attempts  to  prove  them.  If  the 
other  subgoals  are  not  valid  under  <t,  then  Analytica  returns  to  the  previous 
goal  and  tries  to  find  another  substitution  that  makes  it  valid. 

Special  tactics  are  included  in  the  inference  phase  for  handling  inequali¬ 
ties  and  constructing  inductive  proofs.  The  tactic  that  is  used  for  inequalities 
is  described  in  detail  in  Section  5  and  will  not  be  discussed  further  here.  The 
induction  tactic  enables  Analytica  to  select  a  suitable  induction  scheme  for 
the  formula  to  be  proved  and  attempts  to  establish  the  basis  and  induction 
steps.  A  typical  induction  scheme  is 

/(no)  A  Vn(n  >  no  A  /(n)  -*  /(n  -h  1))  =>  Vn(n  >  no  /(n)) 

In  this  case,  we  need  only  to  identify  the  induction  variable  n  and  determine 
the  base  value  for  n.  In  order  to  find  a  suitable  induction  variable  for 
formula  /,  we  list  all  variables  that  appear  in  /  and  select  those  that  have 
type  integer.  To  reduce  the  search  space,  we  would  like  to  make  sure  that 
our  choice  of  the  induction  variable  is  a  good  one.  The  choice  is  good  if  the 
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induction  hypothesis  is  useful  for  proving  the  induction  conclusion.  This  will 
be  more  likely  if  the  terms  that  appear  in  the  induction  conclusion  appear 
either  in  the  induction  hypothesis  or  in  the  current  context.  Hence,  we  arrive 
at  the  following  heuristic  for  selecting  the  induction  variable:  Use  n  as  the 
induction  variable  to  prove  /(n)  provided  that  /(n+  1)  only  contains  terms 
that  already  appear  in  /(n)  or  in  the  current  context.  Once  the  induction 
variable  n  has  been  selected,  a  base  value  for  that  variable  must  be  found 
in  order  to  start  the  induction.  In  AnaJytka,  a  suitable  base  value  may 
be  determined  by  calculating  the  set  of  lower  bounds  of  n  as  described  in 
Section  5  and  choosing  the  simplest  element  of  this  set.  If  the  basi  case  fails 
for  this  value,  Analytica  will  choose  another  base  value  and  try  again  until 
the  basis  is  proven  or  no  other  choice  is  available.  In  the  former  case,  the 
induction  step  is  tried;  otherwise  the  induction  scheme  fails  and  Analytica 
will  try  other  techniques  like  those  in  the  rewriting  phase.  This  strategy 
is  used  in  the  constructing  the  induction  proof  for  the  second  example  in 
Section  2. 

3.4  Rewrite  phase 

Five  rewriting  tactics  are  used  in  Analytica: 

1.  When  the  left  hand  side  of  an  equation  in  the  hypothesis  appears  in 
the  sequent,  it  is  replaced  by  the  right  hand  side  of  the  equation.  For 
example, 

2^ _ ]_  2-2" 

1  +  —  1  +  Tn  ^  1  — 

2-2"  2*^  \  1  4-2" 

1  +  m2-2"  ^  1  -I-  )  - 1  +  m  ^  1  - 

substitute  using  equation 

1  2-2" 

-1  +  m  ^  1  — 

2-2"  1  2-2" _ 1_  4-2" 

1  +  m^'*"  ^  — 1  +  m^  1  —  —  1  +  m  ^  1  — 

2.  Rewrite  a  trigonometric  expression  to  an  equivalent  form. 


V  —f _ 

&  1  + 
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Given  that  a  is  an  odd  integer,  k,m,n  are  integers,  m  <  n, 

—  cos(xa"i)  +  (-1)*^  cos(Ta~'”'''"(a”'i  —  k))  =  0 
rewrite  trigonometric  expressions 

True 

3.  Move  all  terms  in  equations  or  inequalities  to  left  hand  side  and  factor 
the  expression. 

(  — 1  +  2:3)^  (-1  +  J/2^  +  ,  ,  2  ,  (  — 1  + 

- n -  =  —  1  +  2:3  - 7; — 

(~1  +  ya)  (~1  +  2/3) 

rewrite  as 

2(-l  +  i3)(2:3  -  ys)  ^  Q 
-1  +  y3 

4.  Solve  linear  equations. 

c  +  bx  +  ax^  =  0  A  c  +  +  ay^  =  0  =>  i-y  =  0V6  +  a(x  +  j/)  =  0 

solve  linear  equation 

c  =  -  (i (6  +  ax)) Ac  =  -{y{b  +  ay))  ==>  x-y  =  0Wb+a{x  +  y)  =  0 

5.  Replace  a  user  defined  function  by  its  definition.  In  the  example  below 
the  user  defined  function  5  is  expanded. 

0  <  7ra'"6”*  +  (1  -  ab)  Abs(5(m)) 

expand  definition 

0  <  +a-ab)  Abs('yf  +  + 

4  Summation 

Summations  play  an  important  role  in  symbolic  computation.  Nevertheless, 
Mathematica’s  ability  to  handle  summations  is  very  limited.  A  summation 
with  range  from  rii  to  TI2,  where  rii  and  n2  are  integers  and  Ui  <  n^, 
is  explicitly  expanded  into  a  sum  with  n2  —  ni  +  1  terms.  However,  a 
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summation  with  a  symbolic  range  will  not  be  simplified.  Consequently,  we 
have  introduced  a  large  number  of  special  rules  for  dealing  with  summations. 
Although  most  of  the  rules  are  based  on  simple  identities,  Analytica  is  able 
to  handle  a  large  range  of  summations  in  example  proofs.  Analogous  rules 
for  products  are  also  included  in  Analytica.  A  few  of  the  rules  for  summation 
are  listed  below.  The  rules  are  partitioned  into  three  sets. 

1.  The  first  set  of  rules  reduces  the  number  of  summations  occurring  in 
the  expression  to  be  simplified. 


EnL 

:ni 

c  =  c 

■in,  -  ni 

-b  1)  where  c  is  a 

constant 

E”i 

:ni 

fiin. 

,  f2in)  ■■ 

=  UlnAfiin)  +  f2i 

E;ii 

■ni 

fin) 

+1  fin) 

— 

Z-tn=ni 

fin) 

Eni 

m 

fin) 

Zwn=ni 

fin)  = 

(n=fi2  -1-1 

fin) 

e;il 

:ni 

fin) 

_ 

4.^7135112 

fin)  = 

Z^n=ni  -HI 

fin) 

2.  The  second  set  does  not  change  the  number  of  summations,  but  sim¬ 
plifies  summands. 

EnLni  <=/(”)  =  cE"=ni  ®  is  a  constant 

zZn,  /(*  - 1)  =  E£;|-i  m 

3.  The  third  set  does  not  change  the  number  of  summations  or  the  sum¬ 
mands,  but  simplifies  the  ranges. 

EllLn,  /(«)  =  -  EnL^'-n  fin)  if  ni  >  n2 

EnLtf  fin)  =  (EnU.  fin))  +  /(n2  +  1)  +  ...  +  /(n^  N) 

EllLnf  fin)  =  (E;;U,  fin))  -  fin,)  -  ...  -  /{n,  -  N  +  1) 

where  N  is  positive  integer 

4.1  A  summation  example 

The  following  example  comes  from  a  lemma  used  in  the  proof  of  the  e,xistence 
of  a  continuous,  nowhere  differentiable  function  given  by  Weierstrass.  [18] 


6"  co8(»o"r)  —  (— 1)“ 

nmO 


^6"(H-cos(to 


oo 

^6’’cos(jra-”’+"(l  -l-a)) 
nsO 
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-1+m 

+  6"  (—  cos(xa"z)  +  cos(jra"”''*'"  (1  +  a)))  =  0 

n=0 

sinplity  suamations 


\  \nmm 


6"  (l  +co8(Ta-"’+"f(m))) 


))4‘" 


(cos(ra"x)  —  cos(xa  (1  4-  a))) 


“1  +  m 


+  y  ^  6"  (— cos(5ra"r)  +  co8(ira“’"'*'"  (1  +  a)))  =  0 
nsO 

aiaplify  sufflaationa 

-  ((-1)“  (  ^  ft"  (l  +cos(ra-'"+"^(m)))  j  j+^  6"  (cos(7ra”i)  -  cos(7ra-’"+"  (1  +  a)))  =  0 

\  \nam  /  /  nam 

aiMplity  Buaaations 

oo 

(— (— (l  +  co8(ira“'"'*’“{(m)))  +  ft"  (cos(Ta"z)  —  cos(Ta~'"'*’"  (1  +  a))))  =  0 

nsm 

reduces  to 

OO 

^^(6"  (— co8(*’a”z)  +  (—1)“  (l  +  cos(xa~”’''’"((m)))  +  cos(xa"'"'*'"  (1  +  a))))  =  0 

nmm 

This  can  be  simplified  to  True  by  trigonometric  rules. 


4.2  Gosper’s  Algorithm 

In  many  examples,  it  would  be  helpful  if  we  could  obtain  a  closed  form 
representation  for  some  summation.  Gosper^s  algorithm  is  able  to  compute 
such  a  representation  for  a  large  class  of  summations.  Consequently,  we 
have  also  integrated  this  method  into  our  theorem  prover.  A  function  g  is 
said  to  be  a  hypergeometric  function  if  g{n  +  l)/g('n)  is  a  rational  function 
of  n.  Gosper’s  algorithm  is  able  to  find  a  closed  form  for  the  series  “fe 
when  there  is  a  hypergeometric  function  that  satisfies  g{n)  =  J2k=i  + 

[13].  The  following  example  illustrates  how  Gosper’s  algorithm  is  used  in 
Analytica: 

Theorem  ; 

(li)  >  1  =►  ik* +(2*2  +  1) *  +  i2  (z^  +  l))  2^ 

Proof : 

^  ^  ^  ik»  +  *2  (!  +  *»)  + /t(l  +2*2)^  2 
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reduces  to 


5  Inequalities 

Inequalities  play  a  key  role  in  all  areas  of  analysis.  Since  Mathematica 
does  not  provide  any  facility  for  handling  inequalities,  we  have  built  several 
techniques  into  Analytica  for  reasoning  about  them. 

5.1  Simplification  of  inequalities 

There  are  many  rules  that  simplify  atomic  formulas  involving  inequalities. 
However,  we  only  include  four  examples. 

1.  simplify(0  <  a^,C)  =  True  if  simpHfy{0  <  a,C)  =  True 

2.  simplify(0  <  a^,C)  =  True  if  simplify{0  <  a,  C)  =  True 

3.  simplify{d^  <  0,  C)  =  False  if  simplify{Q  <  a,  C)  =  True 

4.  simplify{a’'  <  0,  C)  =  False  if  simplify{0  <  a,  C)  =  True 
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There  are  also  rules  that  use  upper  and  lower  bound  information  to  sim¬ 
plify  inequalities.  If  a  has  a  negative  upper  bound,  then  a  <  0  is  true,  while 
a  >  0  and  a  =  0  are  both  false.  The  function  Lower  (Upper)  gives  a  set  of 
lower(upper)  bounds  for  its  argument  and  will  be  discussed  in  Section  5.3. 
The  set  of  lower(upper)  bounds  is  calculated  in  the  current  context. 

1.  simplify{fi  <  f2,C)  =  False  if  3x[x  6  Lower{f-i  —  f2,C)  A  x  >  0]. 

2.  siTnplify{fi  <  fiiC)  =  True  if  3x[x  €  Lower{f2  —  fi,C)  A  x  >  0]. 

3.  siTnplify{fi  <  f2,C)  =  True  if  9x[i  €  Lower{f2  —  /i,C)  A  x  >  0]. 

4.  simplify(fi  <  /2,C)  =  False  if  3x(x  6  Lower{f\  —  f2,C)  A  x  >  0]. 

5.2  Proof  strategy  for  Inequalities 

Although  many  inequality  formulas  can  be  handled  in  the  simplification 
phase,  some  valid  inequality  formulas  cannot  be  reduced  to  true  in  this 
phase.  For  example,  (a<0A6<a)— >6<0  cannot  be  proved  by  the  tech¬ 
nique  used  in  simplification  phase  alone.  Other  more  powerful  techniques 
for  deciding  satisfiability  of  inequality  formuleis  must  be  used  in  addition. 
If  the  inequality  a  <  6  is  not  directly  provable  using  the  techniques  in  the 
simplification  phase,  then  Analytica  will  try  to  find  a  term  c,  such  that  a  <  c 
and  c  <  6  are  both  provable  in  the  current  context.  In  order  to  find  such  a 
term  c,  we  compute  a  set  of  upper  bounds  for  a  and  a  set  of  lower  bounds  for 
b  by  using  information  provided  by  the  current  context.  The  sets  computed 
are  denoted  by  Upp€r{a)  and  Lower{b),  respectively.  A  term  x  wiU  be  in 
Upper{a)  only  if  a  <=  x  is  true  in  the  current  context.  Likewise,  x  wiU  be 
in  Lower(b)  only  if  x  <=  b  is  true  in  the  current  context.  To  prove  o  <  6,  it 
is  sufficient  to  prove  that  there  is  some  c  G  Upper{a)  such  that  c  <  6  is  true 
or  that  there  is  some  c  €  Lower{b)  such  that  a  <  c  is  true. 

In  order  to  deal  with  strict  inequalities,  we  introduce  a  new  symbol  S 
such  that  both  SL{a)  <  b  and  a  <  Su{b)  are  equivalent  to  a  <  b.  Hence, 
Suix)  G  Upper{a)  only  if  a  <  i  is  true  in  the  current  context,  and  Sl{x)  G 
Lower{a)  only  if  x  <  o  is  true  in  the  current  context.  Su{a)  +  b  =  Sir{a  +  b) 
because  c  <  Su{a,  -f-6)iffc<a-t-6iffc  —  6<aiffc-f)<  5t;(a)  iff 
c  <  Suia)  +  b.  Similarly,  S[,{a)  +  b  =  Scia  -I-  b),  -Siia)  =  Su{-a)  and 
—Su{o)  =  5£,(— a),  etc.  This  convention  permits  both  strict  inequalities  and 
nonstrict  inequalities  to  be  handled  by  the  same  method. 

It  is  possible  to  show  that  the  technique  is  complete  for  linear  inequalities, 
and  it  can  also  be  used  to  prove  many  of  the  nonlinear  inequalities  that  arise 
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in  practice.  The  technique  is  not  guaranteed  to  be  complete  for  nonlinear 
inequalities,  however. 

5.3  Calculating  upper  and  lower  bounds  for  expressions 

There  axe  three  main  ways  of  obtaining  upper  and  lower  bounds  for  expres¬ 
sions. 

1.  Obtain  bounds  from  context  information: 

Upper  and  lower  bounds  for  an  expression  are  calculated  in  the  current 
context.  For  example,  when  proving  (a  <  b)V  c,  the  upper  bounds  of 
a  and  the  lower  bounds  of  b  are  calculated  under  the  context  of  -ic.  In 
general.  If  a  <  6  is  a  conjunct  of  the  current  context,  we  have 

a  €  Lower(b),  b  £  Upper{a), 

and  if  a  <  6  is  a  conjunct  of  the  current  context,  we  have 

5l(o)  €  Lower(a),  Suib)  G  Upper{a). 

2.  Obtain  bounds  from  the  monotonicity  of  some  function: 

If  /  is  a  monotonically  increasing  function,  and  a'  is  an  upper(lower) 
bound  of  a,  /(o')  is  an  upper(lower)  bound  of  /(a);  if  /  is  a  monoton¬ 
ically  decreasing  function  and  a'  is  an  upper(lower)  bound  of  a,  /(o') 
is  a  lower(upper)  bound  of  /(a).  For  example: 

{cx\x  €  Upp€r{a)}  C  Lower{ca),  if  c  <  0 

3.  Use  some  known  bound  on  the  value  of  a  function: 

If  /  is  bounded,  i.e.  for  all  x,  f(x)  <  M,  or  f(x)  >  M\  M  is  an  upper 
bound  for  f{x)  and  M'  a  lower  bound  for  f{x).  For  example: 

I  -I-  ^  6  Upper{round[x)) 

X  ~  jr  £  Lower{round{x)) 

£ 
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5.4  An  example  to  illustrate  inequality  proofs 

The  following  example  also  comes  from  the  proof  of  the  Weierstrass  theorem 
mentioned  earlier.  Assume  that  6  >  0, 

3  (E”  ^  t"  (1  +  cos(xa— -  roundja-)))))  ^  ^ 

1  —  (o'"  —  roon(i(a"‘)) 
replace  expression  vith  its  loser  or  upper  bounds 

_  3t”*  (1  -t-  coa(ir(a”‘  -  roun<i(o"*))))  ^ 

1  —  (a"  —  rottnd{a’”))  ~ 

reduces  to 

2  _  3(1+  co8(T(a'"  -  round(o”‘))))  ^ 

1  —  (o’"  —  roofid(o'"))  ~ 
replace  expression  sith  its  loser  or  upper  bounds 

— 2co8(T(a'"  —  roun<l(a'")))  <  0 

reduces  to 

0  <  cos(x(o'"  —  round(a"' ))) 

The  last  inequality  will  be  reduced  to  True  in  the  rewriting  phase  by  using 
the  tactic  for  trigonometric  identities. 

6  Conclusion 

In  a  related  project  that  we  plan  to  describe  in  a  forthcoming  paper,  we 
have  managed  to  prove  all  of  the  theorems  and  examples  in  Chapter  2  of 
Ramanujan’s  Collected  Works[2]  completely  automatically.  The  techniques 
that  we  use  2^*6  similar  to  those  described  in  this  paper.  We  believe  that  the 
examples  that  we  have  been  able  to  prove  provide  convincing  justification  for 
combining  powerful  symbolic  computation  techniques  with  theorem  provers. 

Nevertheless,  there  are  many  ways  to  improve  Analytica.  One  direction 
is  to  add  powerful  algorithmic  techniques  for  simplifying  particular  classes 
of  formulas  (like  extensions  of  Gosper’s  algorithm  for  summations).  The 
difficulty  with  adding  such  techniques  is  that  a  proof  obtained  in  this  manner 
may  be  virtually  impossible  for  a  human  to  follow. 

Another  direction  is  to  strengthen  the  ability  of  Analytica  to  do  inductive 
proofs.  The  technique  that  Analytica  currently  uses  for  generating  induc¬ 
tion  schemes  is  quite  simple.  More  research  is  needed  on  the  generation  of 
complex  induction  schemes  and  the  identification  of  sufficiently  general  hy¬ 
potheses  for  inductive  proofs.  There  has  been  a  fair  amount  of  research  on 
this  problem  [6,  7],  but  more  work  should  be  done  in  the  context  of  inductive 
proofs  in  analysis. 
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Most  proofs  in  modern  analysis  are  based  on  set  theory  and  many  use 
topological  concepts.  Clearly,  the  extension  of  Analytica  to  handle  such 
proofs  is  critical.  Although  theorem  proving  in  set  theory  has  been  an 
important  problem  for  a  long  time,  there  is  no  generally  accepted  technique 
for  constructing  such  proofs.  The  most  successful  work  on  set  theory  so  far  is 
probably  that  of  Quaife  [15].  His  work,  however,  uses  a  theorem  prover  based 
on  hyper-resolution  and  may  not  produce  proofs  that  are  very  readable. 

Better  methods  for  managing  hypotheses  and  previously  proved  lemmas 
and  theorems  are  also  needed.  Techniques  developed  for  proof  checking 
systems  like  LCF  [12]  and  HOL  [11]  may  be  adequate  in  the  short  run,  but 
some  type  of  higher-order  unification  or  matching  will  probably  be  necessary 
in  the  majority  of  cases.  In  general,  deciding  when  to  use  an  hypothesis  or 
previous  result  is  a  very  difficult  problem.  Every  student  of  elementary 
calculus  learns  the  mean  value  theorem  by  heart,  but  giving  a  good  set  of 
rules  for  determining  when  to  apply  this  theorem  in  order  to  obtain  a  simpler 
bound  on  some  complicated  expression  is  not  easy. 

Certainly,  some  type  of  higher  order  logic  would  be  more  appropriate 
for  analysis  than  the  first  order  logic  we  currently  use.  The  ability  to  state 
higher-order  lemmas  would  be  an  additional  advantage  of  basing  the  prover 
on  a  higher  order  logic  and  might  help  solve  the  problem  described  in  the 
last  paragraph.  We  intend  to  experiment  with  combining  ideas  from  this 
paper  with  Andrews’  theorem  prover  for  higher  order  logic  [1]  in  the  near 
future. 

Perhaps,  the  most  serious  problem  in  building  a  theorem  prover  like  An- 
aiytica  is  the  soundness  of  the  underlying  symbolic  computation  system. 
Mathematica  (as  well  as  Maesyma,  Reduce,  and  Maple)  h2ts  some  rules  that 
lead  to  correct  results  in  most  cases  but  do  not  lead  to  correct  results  aU 
the  time.  We  believe  the  solution  to  the  soundness  problem  is  to  develop 
the  theorem  prover  and  the  symbolic  computation  system  together  so  that 
each  simplification  step  can  be  rigorously  justified. 
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